Covert Access to Data and ID
Dave Emery's remarks on government access to keystrokes (proposed by the NYT as an alternative to GAK) point to the probable increase of intrusive devices to counter increasing use of encryption and other privacy and anonymity measures.
This topic comes up here now and then, with mentions of a slew of methods to protect privacy of data during transmission or storage. But the possibility of logging the initial creation or manipulation of data is not as often discussed, nor how to tie a person to the data, as now being asked in legal and law enforcement fora to identify, catch, convict and jail computer culprits.
That the NYT floated the idea surely means someone is testing public response to an idea that seems to be more intrusive than GAK: the logging of initial data and any manipulation of it, prior to encrypting, and maybe including a means to link the actions to the user.
If this logging (and related retrieval) is done covertly, encryption could thereby become a falsely reassuring cloak of privacy.
Dave thinks devices like these are surely in the works, and he can say more about their sponsors, technologies and implementations.
One driving force, as he previously noted, is the desire for devices to assure copyright protection, backed by the WIPO treaty, which is now being considered for approval. See the House report on it at:
http://jya.com/hr105-551.txt (141K)
And the EFF and ACLU opposition to it:
hr2281-opp.htm
Other forces, though, are employers who want to snoop, law enforcement, government, marketers, actually the same groups who dislike privacy protection measures, but often prefer to snoop covertly while loudly proclaiming support for privacy.
Thus, the more general question Dave has raised is how widespread is the development and implementation of technologies for covert surveillance on the Web and in desktop boxes -- happily spreading quietly while attention is focussed on the very encryption which it will circumvent?
And what are these devices, or what might they be, what might be countermeasures and who might be working for and against them. SDA must have insights to share.
Over to Dave Emery and those more knowledgeable.
For those who missed his earlier message we've put it, with a follow-up at:
http://jya.com/gaks-de.htm
John Young wrote:
| If this logging (and related retrieval) is done covertly,
| encryption could thereby become a falsely reassuring
| cloak of privacy.
|
| Dave thinks devices like these are surely in the works,
| and he can say more about their sponsors, technologies
| and implementations.
Keystroke logging technology exists commercially as a result of the shit reliability of commercial OSs. Turning one of them quite stealth wouldn't be hard; they're very innocuous as is.
Also note things like the recent MS 'send chunks of ram in Word documents' bug in Word for the Mac. (Actually an OLE bug.)
The benefit to encryption is not that it makes your data secure, but that it allows you to communicate safely in the presence of adversaries. (Rivest's definition.)
Adam
--
"It is seldom that liberty of any kind is lost all at once." -Hume
John Young wrote:
Thus, the more general question Dave has raised is how widespread is the development and implementation of technologies for covert surveillance on the Web and in desktop boxes -- happily spreading quietly while attention is focussed on the very encryption which it will circumvent?
I don't know whether it is relevant, but there was recently an announcement of a conference on intrusion detection. Perhaps some relevant research results will be presented there.
M. K. Shen
there is no such word as "can not" in terms of covert surveillance; however, if the method is to be universal, the gubmnt will need to
1. enforce drastic standardization of hardware systems if the logging functions are to be effective.
this might make Intel rather happy and Intel is the type of organization which would perform the function with glee, if they are not already developing it. for instance, I just installed an ATX-BX-AGP motherboard which consists of a "few" VLSI support chips for the Slot 1 processor: PCI, PCI to ISA, IDE, USB, and power management (5 chips, all Intel) plus adaptec SCSI and Intel's 100M ethernet. it would be easy enough to embed the keystroke function since the PC98 spec calls for total implementation of the USB controlled.
2. enforce drastic standardization of operating systems to support the hardware --which makes MickeySnot ideal in so much as they do not publish source code.
my question would be whether or not Gate$ was doing the SIGINT or the government. embedding WIPO is a wet dream on the part of the same publishers which are trying to ram home the draconian M$ software license in the UCC revisions up for vote in Cleveland later this month.
why M$? they are almost universal. I, for one, refuse to run _anything_ branded by Gate$ encroaching sloth --never have, never will.
I can see the government trying to slip their code into freeBSD distributions --welcome to the anarchists... likewise, Linux, netBSD, BSDI, etc. and, I would say the government's interest is significantly more advanced for the known dedicated hackers, operating systems tweakers, and other assorted non-conformists who do not subscribe to M$.
bottom line is a proprietary OS --and getting everyone to run it --good luck, other than by unenforceable fiat; there will be ways to circumvent any clamp although the feds will certainly thin our ranks.
3. provide some means of transparently piggy-backing the information (presumably in raw form) on the network.
again, the cooperation of the operating system is required; not everyone is on line, and many connections are slow. if the data collection is limited to keystrokes only, the data requirement is relatively low, but the holding tank is still required.
the alternative is to short range transmit the information and wire the neighborhoods with the receivers.
one of their objectives is to have everyone instantly "tappable".
4. establish data collection centers
60 million current net users --consider the data quantity
5. establish prescreen and select for analysis data processing
consider the intelligence required
6. analysis software
NSA may try to scan all international traffic in real time with key word recognition, etc. but keystroke, including dealing with editing, mistakes, corrections, etc, which confuse the input?
bottom line: we ain't there yet. however, a van outside in the street can pick up the signals from hundreds of machines.
[ lost most of my recent files on a tape crash --there was a project at OxBridge which generated hash interference which made scanning rather difficult - more effective than Tempest --can anyone refresh the pointer? ]
there is no question the government expects intrusive technology. the burrow-critters are running on high-octane paranoia and they intend to preserve the status quo of governing without our consent. their historical means of controlling the news is running out of headroom; the internet gossip lines are faster than their reaction times.
I certainly would not want to say the feds could not initiate and/or enforce any or all of the above requirements, but there is a point where even the American sloths will rise up and start the process of creating martyrs for the cause.
a more probable approach is to limit the dissemination of information by "known" opponents of government actions (trivial by blocking their network access once they control the ISPs); and maybe a few high profile trials with lead jacket incarcerations to scare off some of the less vociferous (don't say they can't jail us all).
lastly, I look at it this way: for every measure, there is a countermeasure. if I can not determine the existence of SIGINT transmissions from my hardware/software, I'll be hanging up my spurs. after all, listening to gubmnt propaganda in both ears is redundant, who needs it?
attila out...
_________
On Wed, 8 Jul 1998, John Young wrote:
Dave Emery's remarks on government access to keystrokes (proposed by the NYT as an alternative to GAK) point to the probable increase of intrusive devices to counter increasing use of encryption and other privacy and anonymity measures.
This topic comes up here now and then, with mentions of a slew of methods to protect privacy of data during transmission or storage. But the possibility of logging the initial creation or manipulation of data is not as often discussed, nor how to tie a person to the data, as now being asked in legal and law enforcement fora to identify, catch, convict and jail computer culprits.
That the NYT floated the idea surely means someone is testing public response to an idea that seems to be more intrusive than GAK: the logging of initial data and any manipulation of it, prior to encrypting, and maybe including a means to link the actions to the user.
If this logging (and related retrieval) is done covertly, encryption could thereby become a falsely reassuring cloak of privacy.
Dave thinks devices like these are surely in the works, and he can say more about their sponsors, technologies and implementations.
One driving force, as he previously noted, is the desire for devices to assure copyright protection, backed by the WIPO treaty, which is now being considered for approval. See the House report on it at:
http://jya.com/hr105-551.txt (141K)
And the EFF and ACLU opposition to it:
hr2281-opp.htm
Other forces, though, are employers who want to snoop, law enforcement, government, marketers, actually the same groups who dislike privacy protection measures, but often prefer to snoop covertly while loudly proclaiming support for privacy.
Thus, the more general question Dave has raised is how widespread is the development and implementation of technologies for covert surveillance on the Web and in desktop boxes -- happily spreading quietly while attention is focussed on the very encryption which it will circumvent?
And what are these devices, or what might they be, what might be countermeasures and who might be working for and against them. SDA must have insights to share.
Over to Dave Emery and those more knowledgeable.
For those who missed his earlier message we've put it, with a follow-up at:
__________________________________________________________________________
go not unto usenet for advice, for the inhabitants thereof will say:
yes, and no, and maybe, and I don't know, and fuck-off.
_________________________________________________________________ attila__
To be a ruler of men, you need at least 12 inches....
There is no safety this side of the grave. Never was; never will be.
participants (4)
- Adam Shostack
- attila
- John Young
- Mok-Kong Shen